Jump to content

Recommended Posts

Posted

imma chill now, i've been trial and error for 6 hours, and yeah, cool innit, free hacks for yall and me dying kek

Posted
11 hours ago, AngelWolf said:

BEHOLD
second test changing to alex
alextest.thumb.png.f3254c1b850746026cd94f7c478364d5.png

third to other name,
noicebabytest.thumb.png.15866b54d4a1d8c080fac7e240dbe23a.png

and NO LIMIT, normal peeps will only get once, and pay after

explanation below
image.thumb.png.989face2faf811c34679b2c99bc06afb.png

image.thumb.png.165ebb1a6ba3ebb7c8ef4dd7612ea6e5.png

on the decrypt, it should be JSON.stringify(response.body), ma bad

You can make a request for the server to give you the PREMIUM for free as was done with the Name

Posted

unsure, ill see bout it

9 hours ago, enriquecor said:

You can make a request for the server to give you the PREMIUM for free as was done with the Name

yea, i still wondering on how to ban and such, there's no exposed endpoint, and im incline to believe it's websocket connection rather post request, i also dont know where tf the pincode is
the code keeps refering to main.multiplayer.masterServer.pincode, and when i look into it, it gives
main.profile.get('pincode') and when i look both profile and saves, no key is called pincode, i'll assume it's either the name obfuscated or it just doesnt exist without websocket connection

 

Posted (edited)
19 minutes ago, AngelWolf said:

unsure, ill see bout it

yea, i still wondering on how to ban and such, there's no exposed endpoint, and im incline to believe it's websocket connection rather post request, i also dont know where tf the pincode is
the code keeps refering to main.multiplayer.masterServer.pincode, and when i look into it, it gives
main.profile.get('pincode') and when i look both profile and saves, no key is called pincode, i'll assume it's either the name obfuscated or it just doesnt exist without websocket connection

 

There are clues how to ban, basically use chat (via websocket). Some of the basic commands are "/ban", "/unban" , "/mute", "unmute", you need special access to be able to use those commands (getAccessLevel). 

pincode is used to gain access. It's also something that is given to each moderator with a different pincode. If you can bypass this and force yourself to gain the access level then chances are you can do it.

Edited by emoce
Posted
4 hours ago, emoce said:

There are clues how to ban, basically use chat (via websocket). Some of the basic commands are "/ban", "/unban" , "/mute", "unmute", you need special access to be able to use those commands (getAccessLevel). 

pincode is used to gain access. It's also something that is given to each moderator with a different pincode. If you can bypass this and force yourself to gain the access level then chances are you can do it.

i see the AccessLevel you mentions, tho im unsure on how to modify it, i will experiment more, but you can get premium on profile level but items still getting checked locally i think, i'll test more, today i spent good 10 hours making a website page to encrypt and decrypt a SaveData, so im not bound to do it manually

 

80% of the time spent on figuringing the encryptions

Posted
3 minutes ago, AngelWolf said:

i see the AccessLevel you mentions, tho im unsure on how to modify it, i will experiment more, but you can get premium on profile level but items still getting checked locally i think, i'll test more, today i spent good 10 hours making a website page to encrypt and decrypt a SaveData, so im not bound to do it manually

 

80% of the time spent on figuringing the encryptions

The encryption method you provided before is correct. All encrypted data will be readable as json. After that, it's not difficult.

 

Screenshot_20230630-171555~2.png

Posted
10 hours ago, emoce said:

The encryption method you provided before is correct. All encrypted data will be readable as json. After that, it's not difficult.

 

Screenshot_20230630-171555~2.png

it's AES-256-CBC with custom String Replace after, i already found it, the thing i wanted is replicate it with Nodejs or perhaps JS, on browser or back end, soo i dont need to runs it on lua, and that's what makes me spent alot of time, it just send different thing while has the same message in it, on lua i can just send Data + Key and done, while i do that on js, Data + Key, it send absolutely different thing,maybe im just too dumb to know it. 

Posted (edited)

Is there or does anyone have an updated google sheet of items ID with emba project items IDs added to it?, and is there a working caps hack?, angelwolf's script caps hack being as dangerous as it was stated (free shopping) doesn't work on version 1.768

Edited by Toxion
Posted (edited)

Evening, i went and extracted the apk and got some of the items names of the last event, then went and did some conversion for the sake of swapping some emba items : str to hex to decimal, and so i tried to swap one of the emba project items (the emba robot) with a random item i have, and the game image freezes, i can still hear the sound but the picture is frozen can't interact or do anything, tried the same thing with tactical armor, and it froze also, idk why, it works with other items, but the emba project items: instant freeze on swapping, when i reset the game the swap doesn't happen, don't know if the devs figured a way to counter this for future events, however when i try to swap into any rare emba item it crashes instantly, anyone got a solution for this?

emba_robot :

1,633,840,485D (emba)

1,651,470,943D (_rob)

29,807D (ot)

And the length is 10 so : 10D;1,633,840,485D;1,651,470,943D;29,807D:25

Can someone try and swap it and tell me if it crashes for them also, thanks

Edited by Toxion
Posted

Edit: i've found the problem, it was an early account, so i needed to pass the tutorial and few quests ahead, until i help the boatman and he takes me on his boat with him, then i can mess with the emba items all i want

Posted
10 hours ago, AngelWolf said:

it's AES-256-CBC with custom String Replace after, i already found it, the thing i wanted is replicate it with Nodejs or perhaps JS, on browser or back end, soo i dont need to runs it on lua, and that's what makes me spent alot of time, it just send different thing while has the same message in it, on lua i can just send Data + Key and done, while i do that on js, Data + Key, it send absolutely different thing,maybe im just too dumb to know it. 

What I showed before was already in web using js.

On 6/29/2023 at 2:16 PM, AngelWolf said:

BROOOOOO. DID I JUST DO THAT OR THAT'S JUST A FLUKE

image.thumb.png.3ff906e72e0a8488a7a0472da1ed49b8.png

My example is using basic js only.

 

Screenshot_20230701-143714~2.png

Screenshot_20230701-143726~3.png

Posted (edited)

While I really wanna join this bangwagon of hacking the game via custom http requests, I'm not quite there yet. I'm quite good at JS, but... maybe later. Don't wanna bother with encrypting/decrypting, looking into network logs and whatnot. And this is while 90% of the game is easily owned with simple memory editing. Here, another one:

image.thumb.png.34e242581632391555bac058eb08cbc0.png

I can't find this info in the repo. Is the caps store there? Oh, this store must have been added in 767, and the repo is 766.

Edited by cth
Posted (edited)
On 6/23/2023 at 8:23 PM, cth said:

Yep, emba disks work. Odd that I didn't find it on my own. I found the code that declared these variables, but I couldn't do it the first time. But it works fine now. Thanks man!

 

Where did you get the rep and 

Dude, nicely done, since you're exploring into memory editing and such, can you try figuring out how to level up past event items like demon guise and arctic armor, i'm sure there is a leveling system of somesort that you can find and manipulate in game guardian to level up the items after the events ended, i've been trying for days though with no success, sorry about the quote, my browser is acting up

Edited by ToxioNN
Posted (edited)
5 minutes ago, ToxioNN said:

Dude, nicely done, since you're exploring into memory editing and such, can you try figuring out how to level up past event items like demon guise and arctic armor, i'm sure there is a leveling system of somesort that you can find and manipulate in game guardian to level up the items after the events ended, i've been trying for days though with no success, sorry about the quote, my browser is acting up

So first, Emba made those items obsolete more or less. Emba armor is better than maxed event items.

But I just simply don't have those items on me. It's a new account I'm playing. Wait till the next event, I'm pretty sure they will keep the same leveling system and we will figure it out when the events are on.

I'm trying now to get a few hundred of orange injectors but without opening half a thousand of expedition cases. I'm looking for a nicer solution. Lulz.

Edited by cth
Posted

Are you using the recipe methode of duplication to avoid getting soft banned online?, and what's the safest methode to level up without getting soft banned is manipulating survivor base quest exp rewards along with the currency nd reputation safe online?, there is a lot that idk about online safety methodes, cuz i've been messing offline in single player only, so idk what to avoid doing online to avoid getting soft banned, i heard the cheat detection system is pretty strict online

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.